10-29-2012 08:58 PM - edited 03-11-2019 05:15 PM
When a company switches ISP providers and receives a new block of public IPs, what is the best practice to reconfigure the ASA, its outside interface, DNS, default route and other services like SMTP and SFTP with minimum downtime? Is there anything that I can configure in advance if I know the new block of public IPs? This is my first time having to switch ISP providers, so don't mind me asking such a dumb question. Any feedback or suggestion is appreciated.
10-29-2012 09:06 PM
The only thing that you can pre-configure before the cutover is any access-list that is applied to the outside interface. You can start configuring the extra lines of access-list for the new block of IP.
Any other configuration, like outside interface, default route, NAT statement, DNS should really be configured on the cutover itself. You can't really preconfigure it on the ASA as it will conflict with the existing service. You can however get all the commands ready on a notepad, and just copy and paste the new IP (including removing the old IP) during the cutover.
I would also schedule a maintenance window to perform all that.
Hope that helps.
10-30-2012 01:33 AM
For a migration like this you should run at least v8.3. With the changed NAT model the amount you have to reconfigure is much less than with version 8.2 and below. With 8.3+ you normally only have to change the interface IP, default route and your NAT statements.
You could also consider running both lines in parallel for a month or so. That way you can migrate server by server to the new ISP and you don't have to do it all at once. But if there are not that many systems involved I'd prefer to do a complete switchover on one weekend instead of doing it over a longer period server by server.
Sent from Cisco Technical Support iPad App
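The "commands ready on a notepad" step from the replies above can be generated from a saved config. This is an added example, not code from any poster or from Cisco: the function names, the object and ACL names, and all addresses (RFC 5737 documentation ranges) are constructed, and it assumes 8.3+ object NAT syntax and that each old public IP moves to the same host offset in a new block of the same size.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample of an 8.3+ style config; names and addresses are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 198.51.100.2 255.255.255.248
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
object network SMTP-SRV
 host 10.0.0.25
 nat (inside,outside) static 198.51.100.3
access-list OUTSIDE-IN extended permit tcp any host 10.0.0.25 eq smtp
""".splitlines()


def renumber(ip, old_net, new_net):
    """Move an address from old_net to the same host offset in new_net."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return ip  # looked like an IP but is not one
    if addr not in old_net:
        return ip  # masks, inside hosts and 0.0.0.0 are left alone
    return str(new_net.network_address + (int(addr) - int(old_net.network_address)))


def cutover_script(config_lines, old_block, new_block):
    """Return the remove/re-add commands to paste during the maintenance window."""
    old_net, new_net = ipaddress.ip_network(old_block), ipaddress.ip_network(new_block)
    if old_net.prefixlen != new_net.prefixlen:
        raise ValueError("assumption: both ISP blocks have the same prefix length")
    script, parent, entered = [], None, None
    for line in config_lines:
        indented = line.startswith(" ")
        if not indented:
            parent = line  # interface/object that following sub-commands belong to
        new_line = IPV4.sub(lambda m: renumber(m.group(0), old_net, new_net), line)
        if new_line == line:
            continue  # nothing here references the old public block
        if indented and entered != parent:
            script.append(parent)  # re-enter the sub-mode before changing it
            entered = parent
        elif not indented:
            entered = None
        script.append(("" if not indented else " ") + "no " + line.strip())
        script.append(new_line)
    return script
```

The ACL line in the sample is not touched because it references the real (inside) address, so only the interface, route and NAT lines appear in the output.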
10-30-2012 09:30 AM
Thank you both very much. It helps a lot now knowing what I can preconfigure and do during the cutover. We do not have that many servers and services so I might just do it all at once over a weekend. Appreciated!